summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h3
-rw-r--r--source3/libads/kerberos_keytab.c10
-rw-r--r--source3/libads/ldap.c36
3 files changed, 36 insertions, 13 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b8d48bebd8..de40ff6912 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2081,7 +2081,8 @@ char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit);
char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid);
ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
const char *name, const char **vals);
-uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name);
+uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
+uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
const char *my_fqdn, const char *spn);
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index d0161ada01..8e6983897f 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -312,9 +312,9 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
}
}
- kvno = (krb5_kvno) ads_get_kvno(ads, global_myname());
+ kvno = (krb5_kvno) ads_get_machine_kvno(ads, global_myname());
if (kvno == -1) { /* -1 indicates failure, everything else is OK */
- DEBUG(1,("ads_keytab_add_entry: ads_get_kvno failed to determine the system's kvno.\n"));
+ DEBUG(1,("ads_keytab_add_entry: ads_get_machine_kvno failed to determine the system's kvno.\n"));
ret = -1;
goto out;
}
@@ -380,7 +380,7 @@ int ads_keytab_flush(ADS_STRUCT *ads)
goto out;
}
- kvno = (krb5_kvno) ads_get_kvno(ads, global_myname());
+ kvno = (krb5_kvno) ads_get_machine_kvno(ads, global_myname());
if (kvno == -1) { /* -1 indicates a failure */
DEBUG(1,("ads_keytab_flush: Error determining the system's kvno.\n"));
goto out;
@@ -527,9 +527,9 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
/* Now loop through the keytab and update any other existing entries... */
- kvno = (krb5_kvno) ads_get_kvno(ads, machine_name);
+ kvno = (krb5_kvno) ads_get_machine_kvno(ads, machine_name);
if (kvno == -1) {
- DEBUG(1,("ads_keytab_create_default: ads_get_kvno failed to determine the system's kvno.\n"));
+ DEBUG(1,("ads_keytab_create_default: ads_get_machine_kvno failed to determine the system's kvno.\n"));
return -1;
}
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 01c4b442c8..7b9e51068b 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1516,13 +1516,13 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
}
/**
- * Determines the computer account's current KVNO via an LDAP lookup
+ * Determines the an account's current KVNO via an LDAP lookup
* @param ads An initialized ADS_STRUCT
- * @param machine_name the NetBIOS name of the computer, which is used to identify the computer account.
- * @return the kvno for the computer account, or -1 in case of a failure.
+ * @param account_name the NT samaccountname.
+ * @return the kvno for the account, or -1 in case of a failure.
**/
-uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
+uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name)
{
LDAPMessage *res = NULL;
uint32 kvno = (uint32)-1; /* -1 indicates a failure */
@@ -1531,14 +1531,14 @@ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
char *dn_string = NULL;
ADS_STATUS ret = ADS_ERROR(LDAP_SUCCESS);
- DEBUG(5,("ads_get_kvno: Searching for host %s\n", machine_name));
- if (asprintf(&filter, "(samAccountName=%s$)", machine_name) == -1) {
+ DEBUG(5,("ads_get_kvno: Searching for account %s\n", account_name));
+ if (asprintf(&filter, "(samAccountName=%s)", account_name) == -1) {
return kvno;
}
ret = ads_search(ads, &res, filter, attrs);
SAFE_FREE(filter);
if (!ADS_ERR_OK(ret) || (ads_count_replies(ads, res) != 1)) {
- DEBUG(1,("ads_get_kvno: Computer Account For %s not found.\n", machine_name));
+ DEBUG(1,("ads_get_kvno: Account for %s not found.\n", account_name));
ads_msgfree(ads, res);
return kvno;
}
@@ -1574,6 +1574,28 @@ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name)
}
/**
+ * Determines the computer account's current KVNO via an LDAP lookup
+ * @param ads An initialized ADS_STRUCT
+ * @param machine_name the NetBIOS name of the computer, which is used to identify the computer account.
+ * @return the kvno for the computer account, or -1 in case of a failure.
+ **/
+
+uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name)
+{
+ char *computer_account = NULL;
+ uint32_t kvno = -1;
+
+ if (asprintf(&computer_account, "%s$", machine_name) < 0) {
+ return kvno;
+ }
+
+ kvno = ads_get_kvno(ads, computer_account);
+ free(computer_account);
+
+ return kvno;
+}
+
+/**
* This clears out all registered spn's for a given hostname
* @param ads An initilaized ADS_STRUCT
* @param machine_name the NetBIOS name of the computer.